Latest CVE Feed
- 7.8 HIGH CVE-2021-20312
A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using Image...
- Published: May. 11, 2021
- Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2021-20311
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application...
Affected Products: imagemagick
- Published: May. 11, 2021
- Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2021-20310
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application us...
Affected Products: imagemagick
- Published: May. 11, 2021
- Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2021-20309
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The ...
- Published: May. 11, 2021
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-20308
Integer overflow in htmldoc 1.9.11 and earlier may allow attackers to execute arbitrary code and cause a denial of service, similar to CVE-2017-9181.
- Published: Apr. 05, 2021
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-20307
Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to reading and writing of arbitrary memory values.
- Published: Apr. 05, 2021
- Modified: Nov. 21, 2024
- 4.3 MEDIUM CVE-2021-20306
A flaw was found in the BPMN editor in jBPM version 7.51.0.Final. Any authenticated user from any project can see the names of Ruleflow Groups from other projects, despite the user not having access to those projects. The highest threat from this vulnerabi...
- Published: Jun. 01, 2021
- Modified: Nov. 21, 2024
- 8.1 HIGH CVE-2021-20305
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EdDSA and ECDSA) result in the Elliptic Curve Cryptography (ECC) point multiply function being called with out-of-range scalars, possibly r...
- Published: Apr. 05, 2021
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-20304
A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability.
Affected Products: openexr
- Published: Aug. 23, 2022
- Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2021-20303
A flaw was found in the function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of t...
- Published: Mar. 04, 2022
- Modified: Nov. 21, 2024
- 7.1 HIGH CVE-2021-20302
A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is ...
- Published: Mar. 04, 2022
- Modified: Nov. 21, 2024
- 7.1 HIGH CVE-2021-20300
A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is ...
- Published: Mar. 04, 2022
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-20299
A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.
- Published: Mar. 16, 2022
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2021-20298
A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.
- Published: Aug. 23, 2022
- Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2021-20297
A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability.
- Published: May. 26, 2021
- Modified: Nov. 21, 2024
- 5.3 MEDIUM CVE-2021-20296
A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from ...
- Published: Apr. 01, 2021
- Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2021-20295
It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020...
Affected Products: qemu
- Published: Apr. 01, 2022
- Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2021-20294
A flaw was found in the binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, an out-of-bounds write of arbitrary data supplied by the attacker. The highest impact ...
Affected Products: binutils
- Published: Apr. 29, 2021
- Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2021-20293
A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacke...
- Published: Jun. 10, 2021
- Modified: Nov. 21, 2024
- 7.2 HIGH CVE-2021-20292
There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performi...
- Published: May. 28, 2021
- Modified: Nov. 21, 2024